← back
CVE-2024-33896

CVE-2024-33896

CVSS 7.2 HIGHEPSS 4.0%CWE-78
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 7.2EPSS 4.0%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
02 Aug 2024Published on NVD
10 Apr 2025Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s3.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →